• What payment screening entails.
• Why it can pose significant challenges.
• How technology can help.

What is payment screening?

Payment screening is the process of analyzing, verifying, and validating every incoming or outgoing transaction. Its purpose is to understand the risk of impropriety or criminal activity in any given payment. By screening payments, FIs can rapidly decide whether to escalate a potentially illicit transaction or allow a legitimate payment to go through.

This allows firms to remain compliant with anti-money laundering and counter-terrorist financing regulations (AML/CFTF) worldwide while protecting their customers and themselves from criminal attempts to siphon money or abuse payment rails. Because of this, FIs of all sizes must be able to screen every type of digital payment, from standard credit card transactions to faster payment schemes like FedNow and Instant SEPA credit.

The difference between payment screening, transaction monitoring, and transaction screening

Transaction monitoring refers to all the activities an FI undertakes to observe, record, and respond to customer interactions with its services. Transaction screening looks at individual transactions, such as payments, before they’ve been approved to stop especially high-risk activity. Payment screening is a facet of transaction screening, but it only deals with payments before they are processed. 

Each screening process involves similar steps but can vary based on the specific risk factors involved in the transactions being screened. 

Payment screening regulations

Payment screening is necessary because FIs worldwide are subject to many regulations and recommendations to tackle criminal activity like money laundering, terrorist financing, and fraud.

These regulations vary between jurisdictions, but they invariably require that firms demonstrate a capacity to monitor and screen payments. Prominent regulations include:

• The Second Payment Services Directive (PSD2) in the EU
  An integral European regulation established in 2018 for electronic payment services, PSD2 aims to improve the conditions for more consumer choice while simultaneously reducing fraud. The call for Strong Customer Authentication (SCA) is central to its directive.
  Notably, the UK remains aligned with the guidelines and recommendations in PSD2 to maintain steady relations with the EU.

• The Electronic Fund Transfer Act (EFTA) in the US
  Several federal agencies, including the Securities and Exchange Commission (SEC), Federal Deposit Insurance Corp (FDIC), Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC), as well as state-run agencies, oversee the regulation of financial activity in the US.
  However, EFTA has played a central role in establishing the rights, responsibilities, and liabilities of consumers and those who offer payment services.

• The Payment Services Regulations 2017 (PSRs 2017) in the UK
  This primary legislation governing payment services in the UK aims to improve consumer protection and competition among FIs. It’s changed the requirements for client documentation, communicating with clients, and offering assistance to victims of fraud.
  In line with the EU’s calls for SCA, the Financial Conduct Authority (FCA) set out further rules for banks and payment service providers in 2021 that establish this requirement.

• Regulations on the supervision and administration of nonbank payment institutions in China
  Coming into effect on May 1, 2024, new regulations will bring modern digital payment providers under the scrutiny and rules of the Ministry of Justice and the People’s Bank of China (PBOC).
  The rules aim to strengthen user information protection and the general protection of users in light of the recent popularity of hundreds of new payment services and providers in the region.

Common risks associated with payments

Some common issues to look out for when processing payments include:

• Identity theft: This is when a criminal steals personal information and banking details to make purchases online, masquerading as an institution’s customer.
• Friendly fraud: This is when a customer uses their own card to make a purchase but then disputes the charge with the FI without a legitimate reason to do so.
• Authorized push fraud: This is when criminals coerce or manipulate victims into depositing money into their accounts through unscrupulous means.
• ‘Clean’ fraud: This is when a criminal uses customer credentials to make a purchase but then uses stolen payment information to evade fraud detection protocols. It’s particularly hard to detect.
• Money laundering: This is when a customer or criminal makes payments as part of a larger conspiracy to obfuscate the origin or destination of money in a bid to make that money seem legitimate.
• Terrorist financing: This is when a payment is made to a specific party for the purposes of financing terrorist activity while disguising itself as a more innocuous transaction.

The core elements of a payment screening process

An effective payment screening process involves coordinating several different components. These include:

• A clearly-defined risk-based approach (RBA): As is the case with all anti-money laundering and counter-terrorist financing (AML/CTF) efforts, firms need to translate their risk tolerance into clear policies and procedures. Both what needs to be done and the thresholds beyond which this might change need to be laid out in explicit detail.
• Clean, up-to-date, connected data: To ensure optimal screening decisions are being made at scale, businesses need the data informing those decisions – customer histories, third-party inputs, sanctions data – to be reliable. This is particularly essential when trying to automate the payment screening process but just as vital for escalations.
• Updated employee training: Whether they’re implementing automation in the screening process or handling exceptions when they arise, employees need to be routinely trained in the most relevant procedures, scenarios, and regulations. It’s equally important that this training is constantly updated and aligned with the firm’s risk-based approach.
• Intuitive, intelligent technology: Payment screening software needs to update as rapidly as data feeds do while still being intuitive enough to ensure compliance teams can manage cases at speed. This requires a combination of automation and interface design.
• Continuous auditing processes: To continue improving the payment screening process, firms need an independent function dedicated to auditing every aspect of it. The goal should be to identify weaknesses, suggest changes, and oversee the prompt implementation of these improvements.

How does the payment screening process work?

Once the initial payment message has been sent or received, the payment screening process begins. The diagram below details how ComplyAdvantage’s payment screening solution works, and the process can be broken down into five distinct stages.

Stage 1: Customer authentication and data verification

During the initial stage of a transaction, it is essential to gather all relevant data related to the payment message for validation. This includes the transaction amount, information about the sender and receiver, their respective locations, and any other essential details required for the payment to proceed smoothly.

Similarly, it’s important to verify the authenticity of the customer credentials to ensure that only legitimate transactions are processed. Therefore, both sets of data need to undergo a rigorous authentication process backed by robust technology and security protocols to minimize the risk of fraudulent activities.

Stage 2: Risk-based customer due diligence

Next, a risk assessment needs to be conducted to determine the probability of criminal activity based on the various degrees of customer due diligence outlined in the firm’s risk-based approach and how they apply to the specific customer in question.

This involves an evaluation based on the customer’s previous patterns of transacting, generalized patterns in historical data that indicate crime, the jurisdictions in question, and any other notable suspicions.

Stage 3: Sanctions, watchlist and PEP screening

Then, businesses need to scan sanctions lists, watchlists, and politically exposed person (PEP) lists (maintained by regulators worldwide) to identify potential matches with the sender, receiver, or related organizations.If the payment is legitimate, these initial checks should take only a few milliseconds. However, if there is any indication of illegitimacy, then the case must be escalated.

Stage 4: Escalation

If any of the preceding three stages raises a red flag that warrants further review, businesses will then escalate the payment in question to a dedicated team that specializes in conducting enhanced due diligence (EDD) processes. If this specialized team agrees that the payment is suspicious, it may be declined at this stage. However, after further review, the payment may be approved for processing.

Stage 5: Reporting

Finally, if a payment, sender, or receiver is flagged as suspicious, the firm needs to supply the corresponding documentation to the relevant authorities immediately.

More importantly, businesses also need to maintain regular and detailed records of all these stages regardless of the outcome of any investigation for auditability and collaboration with regulators.

The challenges of payment screening

Payment screening helps FIs overcome some serious risks. However, given the complexity of all the moving pieces involved in these procedures, it brings unique challenges, including:

• Speed: Through the lens of customer experience, the biggest challenge with payment screening is that it threatens the speed at which customers can get what they want. The value proposition for digital financial services is increasingly about convenience, so legitimate payments need to be validated in milliseconds.
• False positives: Operationally, one big challenge compliance teams face with payment screening is being swamped by false positives. Inadequate screening errs on the side of caution and stops even mildly suspicious transactions, but this overburdens the compliance team and severely hinders most customers’ experience.
• Staying up-to-date with sanctions lists: One of the biggest challenges for payment screening is to be able to continuously update watchlists, sanctions lists, and PEP lists from around the world. A fast screening process is ultimately no better if it’s unable to keep up to date with the latest developments in international crime.
• The complexity of the process: For the compliance teams escalating and reporting on cases, payment screening can create a convoluted workflow, given the number of moving parts involved. Professionals can quickly become tied in knots between disparate data feeds and applications for cases, relationships, and reporting.
• Maintaining auditability: At a regulatory level, payment screening presents firms with an additional challenge in terms of documentation. Ideally, every step is naturally recorded and made available for later review. But in reality, many firms struggle to provide the kind of transparency auditors need.

The importance of technology in payment screening

Given these challenges, firms must leverage advanced applications of technology like artificial intelligence (AI) and machine learning (ML) to automate and scale aspects of their AML payment screening processes. By automating fundamental steps like customer authentication and sanctions screening, firms can come closer to that necessary balance between speed and security.

Even when cases are escalated and need manual review, software can play an integral role in providing compliance teams with an intuitive workflow for rapidly managing anomalies.

Similarly, software can help teams document the necessary parts of each screening process so that they don’t have to undertake additional retrospective effort when reporting to regulators.

Payment screening with ComplyAdvantage

FIs of all sizes rely on ComplyAdvantage for intelligent, swift payment screening at scale. The platform uses a proprietary search matching algorithm to extract the full name and date of birth (if available) of the entity to be screened against an up-to-date and human-validated sanctions database. Firms can customize the payment screening platform to screen any entity, not just the counterparty, as long as a unique identifier is provided. 

Among the top benefits experienced by firms using Payment Screening by ComplyAdvantage include:

• The ability to process 99 percent of transactions in under half a second through the use of data-optimized screening algorithms, cloud technology, and integrated data and case management.
• Reduced false positives using risk-optimized matching algorithms, allowing compliance teams to focus on real threats.
• System-wide updates every hour based on market-leading data from human-validated sanctions lists, watchlists, and PEP lists, even during crises.

The post What is payment screening? A complete guide appeared first on ComplyAdvantage.

But what’s involved in effective transaction screening? How does it differ and overlap with a firm’s overall compliance process? And how can up-to-date technology enable it?

Discover the ins and outs of transaction screening, what separates it from transaction monitoring – and the best way to ensure an effective process.

What is transaction screening?

Transaction screening analyzes transactions for suspicious or prohibited activity before they are approved. If analysis confirms illicit or excessively risky activity, the transactions are stopped. This is necessary to filter out blatant attempts to get around regulations such as international sanctions. It also contributes to a layered, risk-based approach to AML/CFT due diligence.

Transaction screening vs transaction monitoring

Transaction screening looks at individual transactions, such as payments, before they’ve been approved to stop especially high-risk activity. For example, a transaction to a sanctioned entity or for prohibited goods can be denied regardless of the customer’s past activity. 

On the other hand, transaction monitoring analyzes transaction patterns for suspicious activity after they’ve been approved. Some transactions may not be obviously high risk on their own and pass the screening process. Yet, if they are part of a wider network of suspicious activity, their relationship to past transactions can alert monitoring teams to investigate further.

Transaction screening vs payment screening

Payment screening, while a type of transaction screening, only deals with payments before they are processed. On the other hand, transaction screening may deal with other types of transactions, from payments to cash deposits, withdrawals, and ACH transactions. 

The steps each screening process follows is similar, but can vary based on the specific risk factors involved in the transaction types being screened. 

Transaction screening and AML regulations

Regulators generally focus on a risk-based approach to AML/CFT rather than dictating tools and processes at a granular level. Still, transaction screening is a vital component of any sound program. 

Regulators require a customer due diligence program that enables firms to have sufficient customer information and to identify and report suspicious activity. Firms found to be lacking in customer due diligence can be penalized. For example:

• In the United States, the Financial Crimes Enforcement Network (FinCEN) fined a major firm $140m for failing to implement an AML program meeting the minimum Bank Secrecy Act (BSA) requirements.
• In the European Union, the French Autorité de Contrôle Prudentiel et de Résolution (ACPR) fined a firm €1.5m for failures that included insufficient customer due diligence (CDD) processes and deficient procedures for investigating suspicious payments.
• In the United Kingdom, the UK Gambling Commission fined a firm £9.4m for AML shortcomings, including a failure to establish customers’ source of funds (SOF).

A lack of sound screening could lead to CDD failures, including sanctions violations. This, in turn, could lead to regulatory penalties.

The Role of Technology and Talent in Transaction Screening

Discover how firms are investing to improve transaction screening processes and manage risk in an increasingly complex environment.

Download Now

Transaction screening red flags

When teams review transaction alerts during screening, they look for red flags that could indicate illicit or risky activity. These can include signs that the transaction:

• Is being sent to a sanctioned location.
• Involves possible illicit goods, such as dual-use goods.
• Is unusually large for the account.
• Is atypical for the account’s expected activity – such as business transactions on a personal account or vice-versa.
• In some other way falls outside the firm’s accepted risk appetite or policies.
• The sender or recipient is sanctioned or has associated negative news.
• Other parties in the payment may be associated with sanctions (e.g. the bank of the beneficiary).

Red flags are meant to be initial indicators that further investigation is needed. When analysts encounter any of the above red flags, they will generally initiate a deeper review. Sometimes, an activity that initially seemed suspect will be labeled legitimate after further clarification of the context. Other times, a payment will be confirmed as illicit (for example, if it involved sanctioned entities) – or at least high-risk enough to be stopped.

What is the AML transaction screening process?

Each transaction passes through a screening process before being approved. The exact steps may vary between institutions, depending on their policies and the tools they use. However, the process will often follow a pattern like this:

Payments that make it through the screening process are approved but are usually only looked at individually. After approval, those transactions are subject to ongoing monitoring alongside other transactions to ensure approved payments aren’t part of a larger pattern of suspicious activity. 

Transaction screening benefits

Regulators encourage firms to maintain appropriate transaction monitoring, but transaction screening is equally important owing to the following benefits: 

• Creating a barrier to criminal networks seeking to evade sanctions – It’s crucial for firms to take steps to prevent transactions that are in outright violation of regulations. 
• Reducing the number of alerts facing transaction monitoring – By stopping transactions that can be deemed unacceptable outright, payment screening teams free their transaction monitoring counterparts to investigate more pattern-based illicit activity.
• Improving compliance and risk management by implementing a multi-layer due diligence process – Effective AML/CFT depends on a coordinated, multi-layer approach from customer verification to ongoing due diligence. When calibrated according to a precise risk profile, the two-step screening and monitoring process helps firms mitigate transaction risks holistically. For this to work well, it’s essential that payment screening and monitoring teams are in communication and can alert one another of risky activity. Since each team looks at payments from a different angle, they may see things the other misses.

Transaction screening challenges

Firms can encounter transaction screening challenges related to outdated systems, unreliable or poorly processed data, and overwhelmed teams facing unrealistic screening workloads. These can include:

• Backlogs caused by false positives – When too many false positives are generated, they can congest queues and take away valuable analyst time from true positives. This translates to less accurate screening and analyst burnout.
• Unclear alert data – Analysts often face alerts that don’t clearly explain the data that triggered them. This leaves teams without the context needed to perform an adequate investigation. This, in turn, could result in too much time spent on low-risk activity – or a failure to recognize transactions that should be stopped.
• Out-of-date sanctions data – Firms may stop allowable transactions or permit illicit ones if their data is not closely synced with regulatory updates.
• Slow screening times – Firms often encounter delays of up to a day or longer processing individual alerts. This already impacts legitimate customer satisfaction. Yet with the advent of faster payments, customers will be expecting quicker processing. At the same time, ISO 20022 will mean an increase in incoming payment data. 

To keep pace, firms will need solutions that are not slowed down by inaccurate data or an inability to identify targeted risks. Even expert analysts are hampered in curbing a firm’s AML risks without adequate screening tools.

Mitigate AML risks with automated transaction screening solutions

To stay ahead of growing financial crime risks and regulatory requirements, firms must provide robust analyst support for alert investigations. This includes ensuring their transaction screening system provides clear, accurate, and comprehensive data for investigations.

ComplyAdvantage’s payment screening solution can help firms reach this goal. Using data-optimized screening algorithms, most payment transactions can be processed without delay. This is because screening lists can be tailored to a firm’s unique and changing risks, focusing on relevant risks without clogging analyst workflows with irrelevant ones. At the same time, sanctions lists are regularly updated straight from regulator sources. Firms can integrate these updates into their screening process within as little as an hour. The system supports fast payments and ISO 20022, ensuring firms are ready for the payments future.

The post What is transaction screening, and why is it important? appeared first on ComplyAdvantage.

• Accurately detects risks and explains why alerts were generated.
• Integrates across your compliance tech stack.
• Provides up-to-date sanctions and politically exposed person (PEP) data.
• Can be tuned internally without waiting on third-party assistance.

This article summarizes top payment screening vendors, how to assess payment screening software, and where key firms sit on the G2 GridⓇ for Anti-Money Laundering.

Payment screening software: 4 features to look for 

When evaluating payment screening software vendors, there are several features compliance teams should look for: 

1. Ability to manage real-time payment rails: The growth of real-time rails like SEPA Instant and FedNow means firms need a screening solution that can operate in real-time and scale as payment volumes grow. Daily screening based on managing transactions in batches will no longer be sufficient.  
2. Data quality: Geopolitical instability means sanctions lists are changing unprecedentedly. This makes the quality of vendors’ databases critical – particularly their ability to quickly and accurately update lists at short notice.
3. Effective implementation: Often overlooked in the evaluation process, an inefficient implementation can delay the roll-out of new products and/or compromise a firm’s ability to implement its risk-based approach effectively. Compliance teams should ask vendors for proof of how customers have rated their implementations.
4. Advanced capabilities: Beyond the payment screening software’s core features, what other capabilities does the vendor offer? Risk scoring, fuzzy matching, adverse media screening, and insightful data visualizations are all potential areas to inquire about.

Top payment screening software companies

1. ComplyAdvantage

The G2 GridⓇ for Anti-Money Laundering is a helpful way of measuring financial crime risk management vendors based on customer reviews. The G2 GridⓇ lists ComplyAdvantage as a leader in anti-money laundering.

Payment screening from ComplyAdvantage can be purchased as a standalone solution or leveraged as part of the broader ComplyAdvantage fraud and anti-money laundering (AML) risk detection suite. It allows clients to screen all major transaction types in real-time via a RESTful API and has four key benefits:

1. Market-leading data – We source from 140 global sanctions lists, 1200 watchlists, 244 PEP jurisdictions and monitor regulators directly for updates. Our sanctions lists are always updated so teams can screen against updated lists in as little as 60 minutes.
2. Intuitive interface – Data, screening engine, and case management are all integrated with one easy-to-use platform.
3. Support for all major payment types, including faster payments – Screening as fast as 150 to 500 milliseconds supports leading faster payment schemes (including Instant SEPA Credit, Faster Payments, and FedNow.) A single API call screens every element of a transaction in real time.
4. Configurable risk – Screen against multiple data points to avoid true positive misses for sanctioned banks or other intermediaries.

Top ComplyAdvantage Features:

• Real-time screening: Screen transactions in real-time to prevent delays and ensure efficient processing.
• Optimized algorithms calibrated to our data power fast, accurate screening flexibility, and higher straight-through processing (STP) rates.
• Tailored risk: Adjust the screening process based on your firm’s unique risk appetite and compliance requirements.
• Flexible integration: Integrate with various payment systems and data sources in batch or real-time.
• Robust reporting: Generate reports and provide insights to customers on screening results and any compliance issues.
• Flexible screening: Screen any payment attribute, including names, BIC codes, countries – even unstructured text fields.
• Customizable screening profiles: Apply tailored lists and fuzziness levels to different payment corridors – for a differentiated, risk-based payments approach.
• JSON RESTful API offers seamless integration. 
• Out-of-the-box integration with several core banking platforms.
• Flexible fuzzy logic and matching algorithms can screen using exact or approximate name matches.
• Real-time API or batch ingestion of customer transaction data.
• Comprehensive rules are set to screen transactions against sanctions lists, PEPs and RCAs, warnings & regulatory enforcement, fitness & probity, and customer-supplied lists.
• All-in-one data and platform solution integrated across the full screening stack – from data to screening and case management.

Companies that use ComplyAdvantage to screen payments include Currencycloud, Holvi, Raisin Bank, AZA Finance, and Qonto.

Power a no-compromise payment experience with ComplyAdvantage

See how our payment screening solution that's purpose-built for speed works.

Get a demo

2. LexisNexis

According to Crunchbase, LexisNexis Risk Solutions “provides information to assist customers in industry and government in assessing, predicting and managing risk.” Headquartered in Atlanta, Georgia, the firm has offices in 24 countries worldwide.

3. Hawk:AI

Crunchbase states Hawk AI is a “money-laundering detection & investigation platform.” Investors, including Sands Capital, DN Capital, and BlackFin Capital Partners, fund Hawk AI. It was founded in 2018 and has its headquarters in Germany.

4. Napier

According to Crunchbase, Napier is “a new breed of financial crime compliance technology specialist.” Founded in 2018 and based in London, the firm has secured investment from Crestline Investors.

5. FinScan

Crunchbase describes FinScan as providing “the most advanced sanctions list and PEP compliance solutions available to help financial services organizations.” The company was founded in 2008 and is headquartered in Australia.

How to measure success

While every firm will have different objectives and challenges with their payment screening software, success metrics should include:

• Protect the firm and its customers’ reputation. Payment screening software is critical to ensuring firms don’t enable payments to be sent to sanctioned individuals. 
• Deliver an outstanding customer experience. Customers expect to send and receive money in real-time – an effective payment screening solution can ensure AML checks are seldom the reason why this isn’t possible. 
• Effective internal processes. Intuitive workflows should allow compliance leaders to delegate resources, prioritize the greatest risks, and resolve alerts faster. 
• Integration with wider AML stack: To maximize the value of payment screening software, it should be implemented alongside other key AML programs, such as negative news screening. This will ensure a firm’s risk-based approach can be rolled out in an integrated, holistic way.

Next Steps: Explore Payment Screening from ComplyAdvantage

Discover why leading firms choose ComplyAdvantage for Payment Screening, and book a demo to see the solution for yourself.

All information sourced from publicly available websites is correct as of March 2024. If you’d like to request a correction, please e-mail content@complyadvantage.com and we’d be happy to review this with you.

The post The best payment screening software and companies in 2024 appeared first on ComplyAdvantage.

What is fraud prevention?

Fraud prevention refers to a firm’s policies, functions, and processes that keep fraud from occurring. No fraud prevention strategy is foolproof, but firms can focus on preventing the types of fraud they’re most at risk for. This will ensure they use their resources most effectively. To do this well, they can implement regular risk assessments to ensure their framework is based on realistic risks.

The difference between fraud prevention and detection

Fraud prevention and detection are complementary strategies to reduce fraudulent activity and losses. Fraud detection identifies fraudulent activity that has occurred or been attempted. It responds to an existing threat. With fraud prevention, firms implement policies and safeguards that make it harder for criminals to commit fraud. Examples include:

• Employee and customer screening.
• Customer education.
• Customers can activate card freezing and similar protections if their account is compromised.
• Transaction screening.

5 tips on how to prevent fraud

Even though a thorough fraud prevention strategy must be tailored to a firm’s unique risks, there are several facets that every firm should consider.

1. Conduct an enterprise-wide risk assessment (EWRA)

Effective fraud prevention programs must be risk-based. This entails performing regularly-updated EWRAs that analyze fraud risks based on a firm’s unique context. An up-to-date EWRA will help a firm focus on the fraud risks relevant to its operations and avoid wasted resources on low-risk typologies for their business and sector. Armed with a comprehensive understanding of its true risk, the firm can consider its risk appetite. Since risk can never be completely eliminated, a risk appetite considers a realistic and effective level of risk control that enables reasonable business to continue. 

To effectively apply its individualized risk assessment, a firm should create controls addressing its residual risk – what lies beyond the firm’s risk appetite. Specifically, fraud risks should be controlled in light of the overall risk profile, including other risky behaviors and typologies. Traditionally, firms have viewed fraud prevention as part of a process primarily aimed at reducing loss to the company and maintaining positive customer service. While these are important fraud detection and prevention aspects, they are not the whole picture. As a predicate offense to money laundering, fraud is often tied to broader criminal activity, from other predicate crimes such as wildlife and drug trafficking to money laundering and terrorist financing. To effectively combat fraud, firms must understand it in its entire context rather than viewing fraud events as isolated incidents.

All too often, fraud and AML teams operate in siloes. Yet both departments have access to information that could significantly improve the firm’s overall understanding and mitigation of its risks. For example, money laundering patterns could lead back to fraud as their source, alerting a firm to risks they may not have adequately prevented. This, in turn, could lead to better fraud prevention – and detection should activity slip through the cracks. 

2. Strengthen internal controls

Firms should take stock of their business operations in light of their updated EWRA and risk appetite. Because the risk a firm faces depends on its unique activities and structure, it is impossible to give a universally exhaustive list of necessary controls and policies. The firm must ultimately determine this as appropriate to its own operations and obligations. That said, risk-based controls and policies will share several features in common.

Internal fraud prevention

Employees can use their access to fraudulently benefit themselves or others. In more serious scenarios, those higher up in a firm can use it as a front to perpetuate their own illegal activity, which could include theft, money laundering, bribery, and terrorist financing. 

In dealing with sensitive financial information, firms should ensure they understand which duties are incompatible, meaning different people should hold them and have strictly controlled access to relevant information. This is a basic necessity for the prevention of internal fraud. According to accountants Alexander Aronson Finning CPAs, four categories should never be held by the same personnel:

• Authorization or approval. 
• Custody of assets. 
• Recording transactions. 
• Reconciliation/control activity.

External fraud prevention

Firms must ensure customers are protected from exploitation by fraudsters and that fraudsters do not open and use their accounts to perpetrate fraud. This latter scenario can cross into anti-money laundering (AML), as the two can easily overlap when the fraudster is the account owner. Policies should include processes and roles that help to mitigate this risk in line with a firm’s most recent EWRA.

Thorough documentation of processes and roles is essential to ensure the fraud prevention program aligns with risks, strategizes for the right functions and resources, and complies with any applicable laws, such as those regulating the handling of sensitive information. It’s also necessary for proper segregation of duties. Finally, it will provide a clear baseline to measure against when auditing a fraud prevention program for effectiveness.

3. Create a fraud prevention culture

No fraud prevention program will be effective if it does not permeate the firm. This means everyone should be aware of the risks associated with internal fraud and trained in basic security measures to prevent it. 

Training

Knowledgeable, well-trained staff are crucial to a well-designed fraud prevention program. Aside from hiring capable individuals, the individualized nature of each firm’s risk requires regular training. Even veteran fraud professionals will not be familiar with a firm’s unique risk landscape without continual updates. Training should be updated to align with a firm’s most recent EWRA and provide a holistic picture of fraud risks and compliance requirements.

Avoiding generic or rote programs can also help with retention and compliance. Effective training goes beyond imparting static knowledge or testing short-term memory. Instead, it practically orients fraud professionals and gives them a concrete understanding of how policies practically apply daily. Staff will then be better able to carry out more effective fraud prevention.

Anyone dealing with customer information – even if their role is not explicitly related to fraud – should be thoroughly trained to understand when customers may be at risk of exploitation. They should have a reliable chain of command to turn to when they suspect a customer may be especially vulnerable or getting scammed.

Sound governance

General awareness also needs to be supported by sound governance. To ensure fraud prevention policies, procedures, and roles are properly implemented, it’s important to soundly structure roles, from upper leadership to each team and its members. Although each governance model will be tailored to a firm’s unique risks, there are core features most programs should entail.

The three-lines-of-defense model is an industry-validated approach to governance in risk management. It provides a sound framework for firms as they determine the roles needed to respond to the risks uncovered by their tailored EWRA. PwC provides a helpful outline of what each line entails.

1. First line – These are the people in charge of the front-facing fraud prevention strategy and its associated processes. A well-developed first line should include an autonomous senior executive assigned to coordinate the strategy and processes for all first-line risk management, especially:
     •  Fraud strategy development and implementation.  •  Fraud analysis, investigation, recovery, and reporting. 

     •  Coordination between fraud prevention and related functions, especially cyber security, authentication, customer service, and broader financial crime risk management (including AML).

   This executive oversight should keep the fraud prevention and risk management function running smoothly. It should ensure all teams are working at their best with appropriate equipment and that the whole process is risk-based and integrates with wider risk management functions.

2. Second line – Those involved in the second line are responsible for establishing an objective, holistic, and well-structured picture of the company’s fraud risks. This is most reliably established through regularly updated EWRAs, which will look at financial crime risks within the context of the firm’s activities and regulatory requirements. Based on the risk profile established, this line of defense will also ensure adequate policies and procedures are in place.
   The second line of defense for fraud prevention will include the compliance team, overseeing the fraud prevention program’s compliance with company policy and, as applicable, any regulations such as privacy protection laws and any overlapping AML obligations.
3. Third line – Independent assessment and accountability are crucial to any effective risk management program. As such, the third line of defense helps hold both the first and second lines accountable by assessing the adequacy and effectiveness of their policies, procedures, and processes. This is done through internal auditing.

Firms are also well-advised to undertake third-party reviews of their risk management processes to ensure all three lines of defense are held accountable. 

4. Implement strong cybersecurity measures

Cybersecurity is key to ensuring a company’s sensitive data is not compromised, falling into the wrong hands and violating regulatory requirements. Every firm’s tech must have built-in cybersecurity measures. Firms should also train employees in basic cyber hygiene. This can prevent internal attacks such as unauthorized account access or spear phishing, where a fraudster poses as a trusted person to obtain money or sensitive information to be used in a fraudulent scheme.

Digital-native firms not operating bug bounty programs – incentive-based programs designed to stress test platforms for potential flaws – should also consider implementing them alongside frequently-scheduled pen testing exercises.

A dedicated information security team is key to effective cybersecurity. This team should be well-trained and knowledgeable in how their function can help prevent internal fraud. A firm’s fraud prevention governance policies should delineate their roles and responsibilities.

5. Establish a process for response in case of an incident

When an internal fraud incident occurs, it may be argued that the time for prevention is past. However, a swift and adequate response can help ensure the incident does not blow out of proportion. In line with their most recent risk assessment, firms should consider fraud scenarios for which they may be especially at risk. A response strategy can be outlined for each scenario and validated against industry practice. Such scenarios might include:

• Strategies for responding to an information security breach or hack.
• A chain of command and process to follow if an employee believes they’ve discovered evidence a colleague is committing fraud.

Using advanced tech: Emerging technologies for fraud prevention

The support of proper technology is increasingly vital to reliable risk management. For example, machine learning and artificial intelligence enable the detection of otherwise hidden risks. Firms can use this for fraud prevention in customer due diligence, deploying tools that implement natural language processing (NLP) for more effective adverse media checks at onboarding. 

ComplyAdvantage’s AI-powered transaction screening and monitoring solution, for example, can adapt to evolving fraud typologies, which can, in turn, help firms update their fraud prevention strategy to reflect the latest risks. Similarly, with Fraud Detection by ComplyAdvantage, firms can enhance their fraud prevention strategies as they leverage one of the most powerful machine learning models that not only detects fraud but also explains the reason why each alert was created.

Firms may consider how technology might empower anti-fraud teams to use their time and analytical capabilities better by reducing false positives and offering better insights. Even firms not yet ready for a technological overhaul can benefit from AI overlays that offer intelligent risk detection and alert prioritization to legacy platforms. Firms can also audit their existing tools to ensure they support a risk-based approach.

The post What is fraud prevention, and why is it important? appeared first on ComplyAdvantage.